1. Field
Embodiments of the present invention generally relate to the field of software code analysis. More specifically, embodiments of the present invention refer to a software code analysis tool with wide code coverage.
2. Background
Software testing is an important component of a software quality assurance process. Software faults can occur for a variety of reasons. For instance, a software fault can occur when a programmer makes an error in software source code. In another instance, a software fault can occur due to hardware environment changes such as the software being run on a new hardware platform. It is the task of software developers and quality assurance engineers to find these faults and provide solutions for these defects in a timely manner. As such, to ensure a timely distribution of high-quality software to consumers, software vendors continually seek methods and analysis tools to improve the software development process.
One conventional technique used to find faults in software code is “fuzz” testing. Fuzz testing is a form of black-box testing that provides either random data or otherwise deliberately malformed data to inputs. The results of the fuzz test indicate whether the code fails or crashes as a result of the random inputs. However, the randomness of the inputs used in fuzz testing may yield a large number of false negative errors. False negative errors refer to a scenario where faults exist in code, but the code analyzer fails to report them. In the case of fuzz testing, catching a subtle boundary-value condition in software code with random inputs is highly unlikely.
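The false-negative problem described above, shown as an added illustration that is not part of the original text: the target function `store_record`, its 4-byte length header and the capacity value are all constructed for this example. Seeded random inputs and a handful of boundary-value inputs are run against the same off-by-one fault.

```python
import random
import struct

CAPACITY = 4096  # constructed buffer size for the sample target


def store_record(data: bytes) -> int:
    """Sample target: 4-byte big-endian length, then payload.

    Contains a deliberate off-by-one that only triggers at length == CAPACITY.
    """
    if len(data) < 4:
        raise ValueError("short header")
    (length,) = struct.unpack(">I", data[:4])
    if length > CAPACITY:  # defect: should be >=, the terminator needs a slot
        raise ValueError("length too large")
    buf = bytearray(CAPACITY)
    buf[:length] = data[4:4 + length].ljust(length, b"\0")
    buf[length] = 0  # IndexError when length == CAPACITY
    return length


def run(inputs):
    """Return the inputs that caused a fault (an unexpected exception)."""
    faults = []
    for data in inputs:
        try:
            store_record(data)
        except ValueError:
            pass  # clean rejection of malformed input, not a fault
        except IndexError:
            faults.append(data)
    return faults


def random_inputs(n, seed=1234):
    """Black-box random fuzzing: n records of 8 uniformly random bytes."""
    rng = random.Random(seed)
    return [rng.getrandbits(64).to_bytes(8, "big") for _ in range(n)]


def boundary_inputs():
    """Inputs chosen at and around the edges of the length field."""
    lengths = [0, 1, CAPACITY - 1, CAPACITY, CAPACITY + 1, 0xFFFFFFFF]
    return [struct.pack(">I", n) + b"A" * 4 for n in lengths]


if __name__ == "__main__":
    print("random fuzz faults:  ", len(run(random_inputs(10000))))
    print("boundary test faults:", len(run(boundary_inputs())))
```

Each random trial has a 1 in 2^32 chance of producing the one length value that triggers the fault, so the random run reports a clean result even though the fault exists.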
Another conventional technique used to find faults in software code is static code analysis. Static code analysis refers to an analysis of code without executing the program. Typically, static code analysis is performed on a version of the software code, where the sophistication of the analysis varies based on the level of modeling by the software developer (e.g., mathematical modeling and interpretation of individual statements and declarations in a section of source code or the entire source code). In addition to generating false negatives, the static code analysis technique may also generate a significant number of false positive errors. False positive errors refer to a scenario where the code analyzer reports a fault when a fault does not exist.